FROST attack compromises Android smartphones using cold

If you use an Android smartphone, you may feel secure in the fact that your PIN number or unlock pattern will protect the data on your device if you should lose it. As it turns out, neither of those security protections may be able to protect your device from a new attack that exploits the phone after it's been placed in a freezer and thoroughly chilled. The attack is called the "FROST" attack and has been demonstrated by a pair of researchers from Erlangen University in Germany.

The researchers were able to demonstrate that a "cold boot attack" can read data from a Samsung Galaxy Nexus smartphones running the latest version of the Android operating system. The researchers were successful in accessing data on the smartphone even though the phone was protected by a PIN number and had contents of its storage disk encrypted. The researchers are calling their attack FROST or Forensic Recovery of Scrambled Telephones.

The process involves placing the phone in a freezer and chilling it to around 5°F and then quickly rebooting it. The researchers say that they discovered using this technique they were able to read data from the phone memory including images, e-mails, and the web browsing history. The researchers report that in some cases there were able to retrieve the key allowing them to decrypt the phones encrypted storage drive.

This attack technique was demonstrated on computers back in 2008, but this is the first time it has been used to exploit mobile devices. Forbes reports that the attack takes advantage of something called "remanence," a term describing information that lingers in the memory of the device for a few moments after the power source has been removed. FROST takes advantage of the fact that the colder the memory, the longer the information is able to linger. The researchers removed the phone battery and replaced it while holding the power and volume buttons causing the phone to enter fastboot mode. Data can then be offloaded from the phones RAM via USB. The only defense from this attack is apparently to turn the phone off before it leaves the owner's possession.